------------------------------------------------------------------- Thu May 14 18:05:26 CEST 2009 - mrueckert@suse.de - update to version 2.5.9 - Fixed parsing multipart content with a missing part header name which would crash Apache. Discovered by "Internet Security Auditors" (isecauditors.com). - Added ability to specify the config script directly using --with-apr and --with-apu. - Added macro expansion for append/prepend action. - Fixed race condition in concurrent updates of persistent counters. Updates are now atomic. - Cleaned up build, adding an option for verbose configure output and making the mlogc build more portable. - additional changes from 2.5.8 - Fixed PDF XSS issue where a non-GET request for a PDF file would crash the Apache httpd process. Discovered by Steve Grubb at Red Hat. - Removed an invalid "Internal error: Issuing "%s" for unspecified error." message that was logged when denying with nolog/noauditlog set and causing the request to be audited. - additional changes from 2.5.7 - Fixed XML DTD/Schema validation which will now fail after request body processing errors, even if the XML parser returns a document tree. - Added ctl:forceRequestBodyVariable=on|off which, when enabled, will force the REQUEST_BODY variable to be set when a request body processor is not set. Previously the REQUEST_BODY target was only populated by the URLENCODED request body processor. - Integrated mlogc source. - Fixed logging the hostname in the error_log which was logging the request hostname instead of the Apache resolved hostname. - Allow for disabling request body limit checks in phase:1. - Added transformations for processing parity for legacy protocols ported to HTTP(S): t:parityEven7bit, t:parityOdd7bit, t:parityZero7bit - Added t:cssDecode transformation to decode CSS escapes. - Now log XML parsing/validation warnings and errors to be in the debug log at levels 3 and 4, respectivly. - build and package mlogc - remove --with-apxs from the configure args as it breaks the build configure now finds our apxs2 ------------------------------------------------------------------- Fri Jan 23 16:56:55 CET 2009 - skh@suse.de - fix broken config [bnc#457200] ------------------------------------------------------------------- Mon Sep 15 14:05:05 CEST 2008 - skh@suse.de - update to version 2.5.6 - initial submit to FACTORY ------------------------------------------------------------------- Mon May 12 05:25:07 CEST 2008 - jg@internetx.de -update to 2.1.7 ------------------------------------------------------------------- Thu Feb 3 05:44:12 CEST 2008 - jg@internetx.de -update to 2.1.6 ------------------------------------------------------------------- Wed Aug 8 05:36:42 CEST 2007 - mrueckert@suse.de - update to 2.1.2 ------------------------------------------------------------------- Mon Apr 16 10:34:05 CEST 2007 - mrueckert@suse.de - update to 2.1.1 - switched to perl based patching instead of cmdline params for make ------------------------------------------------------------------- Fri Sep 22 08:31:51 CEST 2006 - poeml@suse.de - fix build (./install was vanished)